1, 网络优化
[wang@c6 ~]# cat a
net.ipv4.tcp_keepalive_time=600 #(10分钟) 默认是2小时7200s
net.ipv4.tcp_keepalive_probes=3 #当探测没有确认, 发送确认包的次数默认9次
net.ipv4.tcp_keepalive_intvl=15 #当探测没有确认,每次发送的时间间隔 默认75s
net.ipv4.tcp_max_syn_backlog=8192 #SYN队列的长度,默认1024,加大以容纳更多等待连接的网络连接
net.ipv4.tcp_syncookies=1 #表示开启,默认关闭;当出现SYN等待队列溢出时,启用cookies来处理,
net.ipv4.tcp_tw_reuse=1 #表示开启重用,默认关闭;允许将TIME-WAIT sockets重新用于新的TCP连接
net.ipv4.tcp_tw_recycle=1 #表示开启,默认关闭;TCP连接中TIME-WAIT 快速回收
net.ipv4.tcp_max_tw_buckets=5000 #同时保持TIME_WAIT套接字的最大数量,如果超过这个数字,TIME_WAIT套接字将被清除
net.ipv4.tcp_fin_timeout=30 #默认60s,修改系默认的 TIMEOUT 时间
#修改配置
[wang@c6 ~]# cat a |grep -v ^$|sed 's/^/sysctl -w /' |bash
net.ipv4.tcp_keepalive_time = 1200
net.ipv4.tcp_keepalive_probes = 3
net.ipv4.tcp_keepalive_intvl = 15
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_max_syn_backlog = 8192
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_max_tw_buckets = 5000
net.ipv4.tcp_fin_timeout = 30
#保存配置
[wang@c6 ~]# cat a >> /etc/sysctl.conf
....
2,tomcat配置
executor 执行器(线程池)https://tomcat.apache.org/tomcat-8.0-doc/config/executor.html
http 连接器(接收不同的协议请求):https://tomcat.apache.org/tomcat-8.0-doc/config/http.html
a, server.xml
<?xml version="1.0" encoding="UTF-8"?>
<Server port="8005" shutdown="SHUTDOWN">
<Listener className="org.apache.catalina.startup.VersionLoggerListener" />
<!-- Security listener. Documentation at /docs/config/listeners.html
<Listener className="org.apache.catalina.security.SecurityListener" /> -->
<Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
<Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
<Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
<Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener" />
<GlobalNamingResources>
<Resource name="UserDatabase" auth="Container"
type="org.apache.catalina.UserDatabase"
description="User database that can be updated and saved"
factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
pathname="conf/tomcat-users.xml" />
</GlobalNamingResources>
<Service name="Catalina">
<Executor name="tomcatThreadPool" namePrefix="catalina-exec-"
maxThreads="500" prestartminSpareThreads="true" minSpareThreads="10"
/>
<Connector executor="tomcatThreadPool"
port="8080" protocol="org.apache.coyote.http11.Http11NioProtocol" redirectPort="8443"
connectionTimeout="20000"
maxConnections="10000" acceptCount="100" acceptorThreadCount="2"
maxCookieCount="500" useSendfile="true"
maxKeepAliveRequests="500" processorCache="500"
socketBuffer="9000" socket.appReadBufSize="8192" socket.appWriteBufSize="8192"
socket.bufferPool="500" socket.processorCache="500" socket.socketWrapperCache="500"
URIEncoding="UTF-8"
compression="off" compressionMinSize="1024"
compressableMimeType="text/html,text/xml,text/plain,text/css,text/javascript,application/javascript,application/json"
/>
<!--
<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
keystoreFile="C:\tomca.keystore"
keystorePass="123456"
clientAuth="false"
/>
<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
maxThreads="150" SSLEnabled="true">
<SSLHostConfig>
<Certificate certificateKeystoreFile="conf/localhost-rsa.jks" type="RSA" />
</SSLHostConfig>
<SSLHostConfig>
<Certificate certificateKeyFile="conf/localhost-rsa-key.pem"
certificateFile="conf/localhost-rsa-cert.pem"
certificateChainFile="conf/localhost-rsa-chain.pem"
type="RSA" />
</SSLHostConfig>
</Connector>
-->
<Engine name="Catalina" defaultHost="localhost">
<Realm className="org.apache.catalina.realm.LockOutRealm">
<Realm className="org.apache.catalina.realm.UserDatabaseRealm" resourceName="UserDatabase"/>
</Realm>
<Host name="localhost" appBase="webapps" unpackWARs="true" autoDeploy="true">
<Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
prefix="localhost_access_log" suffix=".txt"
pattern="%h %l %u %t "%r" %s %b" />
</Host>
</Engine>
</Service>
</Server>
b, setenv.sh
[wang@c6 ~]# grep -n setenv.sh /opt/apache-tomcat-8.5.54/bin/catalina.sh
27:# setenv.sh in CATALINA_BASE/bin to keep your customizations separate.
153:# but allow them to be specified in setenv.sh, in rare case when it is needed.
156:if [ -r "$CATALINA_BASE/bin/setenv.sh" ]; then
157: . "$CATALINA_BASE/bin/setenv.sh"
[wang@c6 ~]# grep -n setenv.bat /opt/apache-tomcat-8.5.54/bin/catalina.bat
26:rem setenv.bat in CATALINA_BASE/bin to keep your customizations separate.
31:rem local customizations made in a CATALINA_BASE/bin/setenv.bat script
172:rem but allow them to be specified in setenv.bat, in rare case when it is needed.
180:if exist "%CATALINA_HOME%\bin\setenv.bat" call "%CATALINA_HOME%\bin\setenv.bat"
[wang@c6 ~]# cat /opt/apache-tomcat-8.5.54/bin/setenv.sh
JAVA_OPTS="$JAVA_OPTS -Djava.security.egd=file:/dev/./urandom \
-Xms4g -Xmx4g -XX:NewSize=2g -XX:MaxNewSize=2g -XX:SurvivorRatio=8 \
-XX:+UseG1GC"
c, 监控页面查看
[wang@c6 ~]# tail -4 /opt/apache-tomcat-8.5.54/conf/tomcat-users.xml
<role rolename="manager-gui"/>
<user username="tomcat" password="tomcat" roles="manager-gui"/>
</tomcat-users>
[wang@c6 ~]# tail -4 /opt/apache-tomcat-8.5.54/conf/Catalina/localhost/manager.xml
<Context privileged="true" antiResourceLocking="false" docBase="${catalina.home}/webapps/manager">
<Valve className="org.apache.catalina.valves.RemoteAddrValve" allow="^192.168.*$" />
</Context>
#### 这个文件,可以保持不动 (只需修改以上两个文件) ####
[wang@c6 ~]# tail -4 /opt/apache-tomcat-8.5.54/webapps/manager/META-INF/context.xml
<Valve className="org.apache.catalina.valves.RemoteAddrValve"
allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1" />
<Manager sessionAttributeValueClassNameFilter="java\.lang\.(?:Boolean|Integer|Long|Number|String)|org\.apache\.catalina\.filters\.CsrfPreventionFilter\$LruCache(?:\$1)?|java\.util\.(?:Linked)?HashMap"/>
</Context>
d, 日志保留期限
[wang@c6 ~]# grep maxDays /opt/apache-tomcat-8.5.54/conf/server.xml -A 1
<Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs" maxDays="1"
prefix="localhost_access_log" suffix=".txt"
[wang@c6 ~]# grep maxDays /opt/apache-tomcat-8.5.54/conf/logging.properties
1catalina.org.apache.juli.AsyncFileHandler.maxDays=1
2localhost.org.apache.juli.AsyncFileHandler.maxDays=1
3manager.org.apache.juli.AsyncFileHandler.maxDays=1
4host-manager.org.apache.juli.AsyncFileHandler.maxDays=1